At the NationaLease meeting in early September, Jeff Lanza, retired FBI special agent, demonstrated how cybercrime occurs and what countermeasures businesses can take to combat the innovations of criminals.
Cybercrime can affect companies of any size. Large companies like Capital One, Equifax, Yahoo and others have been infiltrated by hackers, and had thousands of customer files stolen. Here’s a look at some of the largest breaches:
- Yahoo, 2016-2017, 3 billion customer accounts
- Marriott, 2016, 500 million customer accounts
- Equifax, 2017, 147 million customer accounts
- LinkedIn, 2016, 117 million customer accounts
- Capital One, 2019, 106 million customer accounts
In one instance of cybercrime, a single hacker was responsible for more than 1 million computer infections, which resulted in financial losses of more than $100 million. Fleets need to take action to prevent any data breaches.
Lanza shared several behavior recommendations to prevent business owners, operators, and employees from becoming victims of cybercrime. He broke the behaviors down into three categories:
- Protect your identity
- Watch for tricks and scams
- Protect your devices
Protect your identity
There are many common-sense practices to protecting your identity: don’t leave your credit card or card number lying around for someone to see; don’t share your social security number with anyone; shred any documents that contain sensitive information, etc. But there are some additional practices that may help keep your identity safe.
Be sure to use a passcode on all your fleet’s devices. Fifty percent of cell phone users do not use passcodes, which leaves their devices vulnerable to attack. If your devices are not protected with a passcode, hackers will be able to access your device, and download your fleet’s information.
A two-step verification process will add extra security to your accounts when you are accessing various accounts. With this process, an access code is sent via text to the cell phone number on file. You would enter your username and password as usual, and then be prompted to enter the access code as well.
Watch for tricks and scams
Cybercriminals have become very sophisticated and can mimic communications you may receive from your bank, PayPal, government agencies or other businesses.
Beware of fishy looking emails from the IRS, Google docs, Facebook or your bank. Hackers are very savvy in that they can setup emails to contain the familiar logos of your bank or of a government agency. They then use these emails to harvest your login credentials and can use them on many sites to access your accounts.
If something looks strange, do not click on any links in the email. Rather, log in to your accounts by typing the website address into your browser bar, or call the company directly. Also, be sure to use strong passwords on all your accounts, and do not use the same password for all your accounts.
If you receive suspicious text that ask you to call or to click, log in or pay via a provided link, do not take action on any of those requests.
Protect your devices
When your drivers are out on the road, be sure that all of their devices — cell phone, tablet, ELD, etc. — are well protected, and warn them about using unsecured Wi-Fi networks.
When creating passwords on company devices, be sure to choose a strong password. A good password will contain at least eight characters that should include a capital letter, a number and a symbol. For example, “Ak6$15Ym” would be considered a very strong password. Avoid any word or phrase that is too common, such as qwerty, 12345678, football, 111111 or other phrases that are over-used.
Hackers can create “evil twin” Wi-Fi access points in an attempt to skim your information. For example, if you are staying at a hotel, the Wi-Fi network might be named “HotelWifi.” Fraudulent networks may adopt similar names such as FreeHotelWifi or HotelWifiFree to try to confuse you. Be sure to use only the Wi-Fi network provided to you during check-in. If you are unsure which network to use, consult a hotel employee.
When using public Wi-Fi, be sure you are accessing secure websites. Secure website addresses will start with https://. If the sites are not secure, wait to access them until you are on a private network.
Another way to protect your devices is to make sure that all the system software is up to date. When afforded the option be sure that all your devices are set to update automatically. This will help keep your devices protected against the latest virus or malware.
Taking just a few small precautions and keeping up to date on technology security can go a long way to help keep hackers out of your business.